From 993174ab2d589e2e52aec8aebbbcb731cde9e6a8 Mon Sep 17 00:00:00 2001
From: Chuck Hagenbuch
Date: Wed, 19 Jan 2011 23:20:45 -0500
Subject: [PATCH] Don't allow a protocol scheme to start with punctuation. Should they even be able to start with numbers?
---
 framework/Core/lib/Horde.php | 6 +++---
 framework/Text_Filter/lib/Horde/Text/Filter/Linkurls.php | 2 +-
 wicked/lib/Wicked.php | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/framework/Core/lib/Horde.php b/framework/Core/lib/Horde.php
index d331226d2..4774a849f 100644
--- a/framework/Core/lib/Horde.php
+++ b/framework/Core/lib/Horde.php
@@ -924,7 +924,7 @@ HTML;
 $url = '';
 $webroot = ltrim($GLOBALS['registry']->get('webroot', empty($opts['app']) ? null : $opts['app']), '/');
- if ($full && !isset($puri['scheme']) && !preg_match('|^([\w+-]{1,20})://|', $webroot) ) {
+ if ($full && !isset($puri['scheme']) && !preg_match('|^([a-zA-Z0-9][\w+-]{0,19})://|', $webroot) ) {
 /* Store connection parameters in local variables. */
 $server_name = $GLOBALS['conf']['server']['name'];
 $server_port = $GLOBALS['conf']['server']['port'];
@@ -961,9 +961,9 @@ HTML;
 $url = $puri['scheme'] . '://' . $puri['host'];
 }
- if (isset($puri['path']) && substr($puri['path'], 0, 1) == '/' && !preg_match('|^([\w+-]{1,20})://|', $webroot)) {
+ if (isset($puri['path']) && substr($puri['path'], 0, 1) == '/' && !preg_match('|^([a-zA-Z0-9][\w+-]{0,19})://|', $webroot)) {
 $url .= $puri['path'];
- } elseif (isset($puri['path']) && preg_match('|^([\w+-]{1,20})://|', $webroot)) {
+ } elseif (isset($puri['path']) && preg_match('|^([a-zA-Z0-9][\w+-]{0,19})://|', $webroot)) {
 $url = $webroot . (substr($puri['path'], 0, 1) != '/' ? '/' : '') . $puri['path'];
 } else {
 $url .= '/' . ($webroot ? $webroot . '/' : '') . (isset($puri['path']) ? $puri['path'] : '');
diff --git a/framework/Text_Filter/lib/Horde/Text/Filter/Linkurls.php b/framework/Text_Filter/lib/Horde/Text/Filter/Linkurls.php
index 1e488d0a6..02b9a5bc1 100644
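Review bot: The new pattern `[a-zA-Z0-9][\w+-]{0,19}` in the first `preg_match` still accepts scheme names that RFC 3986 does not allow: a leading digit, and `_` anywhere through `\w`, while the permitted `.` is rejected. The grammar is `ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )`, so `'|^([a-zA-Z][a-zA-Z0-9+.-]{0,19})://|'` would match it and settle the question asked in the commit message. The same literal is repeated in both tests of the second hunk and in the Linkurls.php and Wicked.php hunks; one shared constant or helper would keep the five copies from drifting apart. `$webroot` appears to come from registry configuration rather than request data, so exposure at this call site is probably limited. The enclosing function starts and ends outside the hunk.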
--- a/framework/Text_Filter/lib/Horde/Text/Filter/Linkurls.php
+++ b/framework/Text_Filter/lib/Horde/Text/Filter/Linkurls.php
@@ -83,7 +83,7 @@ class Horde_Text_Filter_Linkurls extends Horde_Text_Filter_Base
 return array(
 'regexp' => array(
- '|([\w+-]{1,20})://([^\s"<]*[\w+#?/&=])|e' => $replacement
+ '|([a-zA-Z0-9][\w+-]{0,19})://([^\s"<]*[\w+#?/&=])|e' => $replacement
 )
 );
 }
diff --git a/wicked/lib/Wicked.php b/wicked/lib/Wicked.php
index 830b8484a..b07f18099 100644
--- a/wicked/lib/Wicked.php
+++ b/wicked/lib/Wicked.php
@@ -82,7 +82,7 @@ class Wicked
 }
 $url = Horde::url($script, $full, array('append_session' => $append_session));
- $url->url = preg_replace('|^[\w+-]{1,20}://[^/]*|', '', $url->url);
+ $url->url = preg_replace('|^[a-zA-Z0-9][\w+-]{0,19}://[^/]*|', '', $url->url);
 return $url;
 }
-- 2.11.0
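Review bot: The changed pattern in Linkurls.php keeps the `e` modifier, so the replacement string is evaluated as PHP code with text captured from the filtered input substituted into it. Tightening the first character of the scheme does not narrow the second capture group, and the modifier is deprecated since PHP 5.5 and removed in PHP 7.0. `$replacement` is built outside the hunk, so whether its quoting is safe cannot be checked from here. Moving to `preg_replace_callback` with a closure that escapes the URL for its HTML attribute context would remove the eval path, assuming the filter base class can accept a callback. The pattern also accepts any scheme name, so an allow-list of schemes that may be turned into links is worth considering.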